Remove old method of updating email_access_validated_at

Previously we were passing a flag to the API which handled this. Now we are doing it at the time of clicking the link, not at the time of storing the new password. We don’t need to update the timestamp twice, so this commit removes the code which tells the API to do it.
2026-04-30 14:10:40 -04:00 · 2021-08-17 16:43:35 +01:00
parent 8355abeaf2
commit 5c1920fc20
6 changed files with 7 additions and 9 deletions
--- a/app/models/user.py
+++ b/app/models/user.py
@@ -114,8 +114,8 @@ class User(JSONModel, UserMixin):
        response = user_api_client.update_user_attribute(self.id, **kwargs)
        self.__init__(response)

-    def update_password(self, password, validated_email_access=False):
-        response = user_api_client.update_password(self.id, password, validated_email_access=validated_email_access)
+    def update_password(self, password):
+        response = user_api_client.update_password(self.id, password)
        self.__init__(response)

    def update_email_access_validated_at(self):
--- a/app/notify_client/user_api_client.py
+++ b/app/notify_client/user_api_client.py
@@ -74,10 +74,8 @@ class UserApiClient(NotifyAdminAPIClient):
        return user_data['data']

    @cache.delete('user-{user_id}')
-    def update_password(self, user_id, password, validated_email_access=False):
+    def update_password(self, user_id, password):
        data = {"_password": password}
-        if validated_email_access:
-            data["validated_email_access"] = validated_email_access
        url = "/user/{}/update-password".format(user_id)
        user_data = self.post(url, data=data)
        return user_data['data']
--- a/app/utils/login.py
+++ b/app/utils/login.py
@@ -23,7 +23,7 @@ def log_in_user(user_id):
        session['current_session_id'] = user.current_session_id
        # Check if coming from new password page
        if 'password' in session.get('user_details', {}):
-            user.update_password(session['user_details']['password'], validated_email_access=True)
+            user.update_password(session['user_details']['password'])
        user.activate()
        user.login()
    finally:
--- a/tests/app/main/views/test_new_password.py
+++ b/tests/app/main/views/test_new_password.py
@@ -156,6 +156,6 @@ def test_should_sign_in_when_password_reset_is_successful_for_email_auth(

    # the log-in flow makes a couple of calls
    mock_get_user.assert_called_once_with(user['id'])
-    mock_update_user_password.assert_called_once_with(user['id'], 'a-new_password', validated_email_access=True)
+    mock_update_user_password.assert_called_once_with(user['id'], 'a-new_password')

    assert not mock_send_verify_code.called
--- a/tests/app/main/views/test_two_factor.py
+++ b/tests/app/main/views/test_two_factor.py
@@ -234,7 +234,7 @@ def test_two_factor_sms_should_set_password_when_new_password_exists_in_session(
    assert response.location == url_for('main.show_accounts_or_dashboard', _external=True)

    mock_update_user_password.assert_called_once_with(
-        api_user_active['id'], 'changedpassword', validated_email_access=True
+        api_user_active['id'], 'changedpassword',
    )


--- a/tests/conftest.py
+++ b/tests/conftest.py
@@ -1353,7 +1353,7 @@ def mock_verify_password(mocker):

@pytest.fixture(scope='function')
 def mock_update_user_password(mocker, api_user_active):
-    def _update(user_id, password, validated_email_access=False):
+    def _update(user_id, password):
        api_user_active['id'] = user_id
        return api_user_active